AZL-56436

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56436.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-56436

Upstream

CVE-2025-23015

Published

2025-02-04T10:15:09Z

Modified

2026-04-01T05:18:54.138527Z

Summary

CVE-2025-23015 affecting package cassandra 5.0.0-2

Details

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.

This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.

Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23015

Affected packages

Azure Linux:3 / cassandra

Package

Name: cassandra
Purl: pkg:rpm/azure-linux/cassandra

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.0.0-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-56436.json"